-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: prevent redirects (and possible MITM attacks) #1195
Comments
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
The link is missing a trailing slash, and caused a redirect. Adding the trailing slash would speed up browsing.
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
This is a permanent redirect. The link should be updated.
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
This is a permanent redirect. The link should be updated.
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
This is a permanent redirect. The link should be updated.
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
This is a permanent redirect. The link should be updated.
mfranzke
pushed a commit
to mfranzke/patternlab-node
that referenced
this issue
May 2, 2020
This is a permanent redirect. The link should be updated.
bmuenzenmeyer
added a commit
that referenced
this issue
May 5, 2020
chore(links): prevent redirects both on internal as well as external URLs #1195
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We could prevent redirects to pages my linking to their "correct" / canonical URL directly.
Additionally not all of the websites we're linking to have introduced the "HTTP Strict Transport Security" (HSTS) mechanism to redirect securely to their HTTPS equivalent.
Nevertheless we could anyhow prevent that redirect independently from security aspects by linking to their HTTPS version of the website.
Maybe I`m a little too german on this, but at least I've prepared everything for an "easy" merge.
The text was updated successfully, but these errors were encountered: